Modifying existing LDAP information using ldap_modify()
The link_identifier must result from a call to connect to the server with authority to update entries, usually requiring an authenticated bind - ie you provide a suitable dn and password in the ldap_bind() call.
The dn must be a single specific dn that exists on the LDAP server. There is no wildcard mechanism in LDAP to globally change multiple dn entries.
The entry array must be in one of two different forms, according to whether just one entry is to be stored in the directory for a particular attribute, or whether multiple entries are to be stored for the attribute.
Where a single entry is to be stored for an attribute - say just a single email address - then you use the general form
<?php $newinfo[ <attribute_name> ]="whatever" ; ?>
for example ...
<?php $newinfo["mail"]="[email protected]" ; ?>
Where multiple entries are to be stored for an attribute - say a number of email addresses for one person - then you use the general form
<?php
$newinfo[ <attribute_name> ][0] = "whatever" ;
$newinfo[ <attribute_name> ][1] = "another" ;
?>
for example ...
<?php
$newinfo["mail"][0]="[email protected]" ;
$newinfo["mail"][1]="[email protected]" ;
?>
Further notes on ldap_modify()
The modify call leaves entries for all other attributes unaltered. So if you just want to update the entry for the "mail" attribute, then all that is required is:
<?php
$newinfo[mail]="[email protected]";
ldap_modify($valid_ldaplink, $valid_dn, $newinfo);
?>
However, if there were multiple entries for the mail attribute present on the LDAP database when you run the above code, then all the existing mail entries would be deleted and be replaced by the single "mail" entry.
If you have reason to expect multiple values for a particular attribute (more that one email entry, for example) you should make sure you read all the entries from the ldap server first, and then save a modified array.
The PHP LDAP interface does not currently support direct modification of the dn. If the dn needs changing, the only option is to read all entries for the dn and save these to a new, modified, dn before deleting the complete entry for the original dn.